From 64f11f515d8925944a28d6e4e4a813ec88c1d0c0 Mon Sep 17 00:00:00 2001
From: daurnimator
Date: Tue, 4 Apr 2017 13:07:48 +1000
Subject: [PATCH] Add example of luaossl integration

Based on 'info' sample
---
samples/luaossl/client.lua | 40 ++++++++++++++++++++++++++
samples/luaossl/server.lua | 58 ++++++++++++++++++++++++++++++++++++++
2 files changed, 98 insertions(+)
create mode 100644 samples/luaossl/client.lua
create mode 100644 samples/luaossl/server.lua

diff --git a/samples/luaossl/client.lua b/samples/luaossl/client.lua
new file mode 100644
index 0000000..a98b105
--- /dev/null
+++ b/samples/luaossl/client.lua
@@ -0,0 +1,40 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local pkey = require "openssl.pkey"
+local ssl_context = require "openssl.ssl.context"
+local x509 = require "openssl.x509"
+local x509_store = require "openssl.x509.store"
+
+local function read_file(path)
+ local file, err, errno = io.open(path, "rb")
+ if not file then
+ return nil, err, errno
+ end
+ local contents
+ contents, err, errno = file:read "*a"
+ file:close()
+ return contents, err, errno
+end
+
+local ctx = ssl_context.new("TLSv1_2", false)
+ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
+ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
+local store = x509_store.new()
+store:add("../certs/rootA.pem")
+ctx:setStore(store)
+ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()
diff --git a/samples/luaossl/server.lua b/samples/luaossl/server.lua
new file mode 100644
index 0000000..3e4a9f5
--- /dev/null
+++ b/samples/luaossl/server.lua
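Review bot: `ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)` in client.lua is set without `VERIFY_PEER`; per OpenSSL's documented semantics that flag is ignored in client mode and only takes effect on a server together with `SSL_VERIFY_PEER`, so as written the client does not appear to validate the server's chain against `rootA.pem`. The identical call in samples/luaossl/server.lua has the matching consequence that the server never requests a client certificate, so the client key and certificate loaded here are not exercised. Suggest `ctx:setVerify(ssl_context.VERIFY_PEER)` in the client and `ctx:setVerify(ssl_context.VERIFY_PEER + ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)` in the server. Neither sample checks the peer's name, which is acceptable for a 127.0.0.1 demo but deserves a one-line comment so the context setup is not copied unchanged into real code.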
@@ -0,0 +1,58 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local pkey = require "openssl.pkey"
+local ssl_context = require "openssl.ssl.context"
+local x509 = require "openssl.x509"
+local x509_store = require "openssl.x509.store"
+
+local function read_file(path)
+ local file, err, errno = io.open(path, "rb")
+ if not file then
+ return nil, err, errno
+ end
+ local contents
+ contents, err, errno = file:read "*a"
+ file:close()
+ return contents, err, errno
+end
+
+local ctx = ssl_context.new("TLSv1_2", true)
+ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
+ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
+local store = x509_store.new()
+store:add("../certs/rootA.pem")
+ctx:setStore(store)
+ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
+
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+
+-- Before handshake: nil
+print( peer:info() )
+
+assert( peer:dohandshake() )
+--]]
+
+print("---")
+local info = peer:info()
+for k, v in pairs(info) do
+ print(k, v)
+end
+
+print("---")
+print("-> Compression", peer:info("compression"))
+
+peer:send("oneshot test\n")
+peer:close()
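Review bot: `server:listen()` and `server:accept()` are used unchecked while `bind` on the line above them is wrapped in `assert`, so a failed accept leaves `peer` nil and the error only surfaces later inside `ssl.wrap`. Suggest `assert( server:listen() )` and `local peer = assert( server:accept() )`. The client hunk has the same gap at `peer:connect("127.0.0.1", 8888)`, where a refused connection would reach the handshake with an unconnected socket; `assert( peer:connect("127.0.0.1", 8888) )` keeps the failure at its source.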